US CERT issues warning on ASLR vulnerability in Windows

US CERT has issued a warning on a vulnerability in Windows' Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10 and could allow an attacker to take control of an affected system.

CERT's Will Dormann wrote in Vulnerability Note #817544 that both the Enhanced Mitigation Experience Toolkit (EMET) and Windows Defender Exploit Guard enable system-wide ASLR without also enabling system-wide bottom-up ASLR. ASLR is designed to prevent code-reuse attacks by loading modules at non-predictable addresses. However, the default setting shown in the Windows Defender Exploit Guard GUI is "On by default", which does not reflect the underlying registry value (unset). As a result, programs are relocated to the same address, even if the computer is rebooted.

“Windows 8 and newer systems that have system-wide ASLR enabled via EMET or Windows Defender Exploit Guard will have non-DYNAMICBASE applications relocated to a predictable location, thus voiding any benefit of mandatory ASLR. This can make exploitation of some classes of vulnerabilities easier,” Dormann wrote.

There is no solution at this time, but Microsoft is investigating the issue.
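To find out which binaries on a system fall into the non-DYNAMICBASE category Dormann describes, a defender can read the `DllCharacteristics` field in each PE header. The Python below is an added example, not code from the vulnerability note or this article; the function names `aslr_flags` and `build_sample` are hypothetical, and the sample image is constructed for the demonstration.

```python
import struct
import sys

# Documented PE optional-header DllCharacteristics bits.
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the /DYNAMICBASE linker option


def aslr_flags(data: bytes) -> dict:
    """Return the ASLR opt-in flags found in a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    if opt_size < 72 or opt + 72 > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "pe32_plus": magic == 0x20B,
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
    }


def build_sample(dll_chars: int, pe32_plus: bool = True) -> bytes:
    """Constructed header-only image for the demo (not a loadable executable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    machine = 0x8664 if pe32_plus else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 72, 0x0002)
    opt = bytearray(72)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. python check_aslr.py app.exe helper.dll
        with open(path, "rb") as f:
            print(path, aslr_flags(f.read()))
```

Binaries reported with `dynamic_base: False` are the ones that depend on mandatory ASLR for relocation and are therefore the ones affected by the behaviour described in the note.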
